ABSTRACT

PROBLEM TO BE SOLVED: To provide a remote authentication system and a
remote authentication method which are highly reliable in security, and
can surely authenticate an individual by means of biometrics information
being the individual information of a user while protecting the
biometrics information.

SOLUTION: Since the biometrics information being the individual
information of the user is ciphered and the biometrics information is
transferred on a network 2 in a state decipherable only by an
authentication server 3 specified by the user, the privacy of the user
which is the biometrics information is surely protected in the form of
reflecting the intention of the user. Also, since the date and time
of preparing authentication information are confirmed in the
authentication server 3, the illegal reuse of the authentication
information is prevented. Further, since whether or not the
authentication is performed by the authentication server 3 is confirmed
on an authentication request side, this system is maintained high in
security.

Authentication device by biometric data, separates time-stamp data
that is added to biometric data based on which authentication of user
is performed
Patent Assignee: TAKAMI S (TAKA-I)
Number of Countries: 001 Number of Patents: 001
Patent Family:
Patent Details:
JP 2002169781 A 4 G06F-015/00

Abstract (Basic): JP 2002169781 A

NOVELTY - The device destroys a portion of the biometric data based
on the time-stamp data. The time-stamp data added to the biometric
data is separated and the authentication of a user is performed.
After authentication, the biometric data is stored in a database (30)
along with the time-stamp data portion based on a predetermined
priority.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for
authentication method by biometric data.

USE - For authentication of user using biometric data.

ADVANTAGE - The biometric data with time-stamp data cannot be
utilized for another time, hence the recycling of the biometric
data is prevented, and ensures greater safety and effectiveness.

DESCRIPTION OF DRAWING(S) - The figure shows the outline structure
of the authentication device by biometric data. (Drawing includes
non-English language text).

Database (30)

ABSTRACT

PROBLEM TO BE SOLVED: To actualize a common-use computer using method which
can maintain high security without making a user pay attention to
environment that the user has constructed and a file that the user has
generated by immediately constructing the environment of a personal
computer which was used once by another personal computer.

SOLUTION: On a common-use computer system device, the user after
being authenticated for use performs an operation process wanted to be
tried (F3), an information group that the user stored in a storage means
of a personal computer C11 by decentralization in the operation process or
at a time at the end according to the operation process is ciphered in
the personal computer C11 with a key corresponding to the user, and the
obtained ciphered sentence is stored in a storage means of a server S1 as
ciphered difference information as it is. An information group which is
deleted from the storage means of the personal computer C11 according to
the operation process is deleted from the storage means of the server S1
(F4) and reused when the common-use computer system device is
used next time (F6).

Internet-based authentication system for medical application,
Abstract (Basic): US 20020095605 A1

NOVELTY - An authentication processor receives a user
identification information including a user identifier. A
communication processor communicates an authentication service
identifier and the user identifier to a managing application which
authenticates the user using the authentication service
identified by the service identifier.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for
authentication method.

USE - For authenticating physicians and other individuals for
on-line access of medical records.

ADVANTAGE - Provides common and essential session properties for
providing access to an array of comprehensive information sources and
related services. Facilitates reuse and interoperability of web-based
application in multiple sequences and current operation configurations.

DESCRIPTION OF DRAWING(S) - The figure illustrates command
interaction between concurrently-operating applications, a web browser,
and a manager.

Abstract (Basic): KR 2001008278 A

NOVELTY - A method for managing a lottery for recycling a
publicity booklet and increasing the effect of publicity is provided to
allocate a unique number to the publicity booklet, to use the unique
number as a number for receiving a gift on an online network, and to
select some of the unique numbers voted by members.

DETAILED DESCRIPTION - If a user accesses a server via an online
network, the user is authenticated (1-1). The unique number is
allocated to a service user. The unique number that the user
receives can be the unique number of the publicity booklet distributed
via an offline system or the ID of the user. If the user inputs
his/her unique number into a unique number giving engine (1-3), (1-2),
the engine (1-3) assigns the unique number to the user. The user
accesses the server to check the gift number. The weight of the unique
number can be increased, based on the right of the user. The unique
number which participates in the event of the lottery the most
frequently is determined as a winning number of the gift.

Concurrent or multiple user access controller for on-line computer
systems, includes binary bits which are indicative of current logins in
same word

Patent Assignee: INT BUSINESS MACHINES CORP (IBMC)

Abstract (Basic): US 6035404 A

NOVELTY - Internal user ID is assigned to each user. A user
login map (ULM) for recording current number of logins contains
binary words each with several binary bits. One or more binary bits in
same word are indicative of current logins. A record of each access
session is temporarily kept in progress where one bit of word
indicates current status for single user ID.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
method of controlling user access over stateless network.

USE - For control of user access for stateless network.

ADVANTAGE - A state look-up table is used to manage the
distribution of account between all authorized users, such that
equitable use of limited facility can be had by all users, when more
than the permitted number of users try to access the system at same
time.

DESCRIPTION OF DRAWING(S) - The figure shows flow chart for control
of access to users.

Abstract (Basic): US 5918228 A

NOVELTY - If the web transaction request received from web client
(10) is determined to be originated from authenticated user of
distributed file system, the web server reuses the authentication
identifier of user credential to retrieve file from distributed file
system on behalf of web client.

DETAILED DESCRIPTION - The web server is temporarily inhibited from
using the authentication identifier upon logging of web
transaction, until next web transaction is performed by the user.
INDEPENDENT CLAIMS are also included for the following:

(a) computer program product;

(b) computer connected in distributed computing environment

USE - For enabling web server to impersonate user of distributed
file system to obtain secure access to supported web documents in world
wide web environment.

ADVANTAGE - Extends functionality of existing standalone web
servers in enterprise environment to improve scalability, file
availability and security features of distributed file systems. The
user with an off-the-shelf browser is enabled to easily access the web
information stored in distributed file system name space without any
additional software on client machine.

DESCRIPTION OF DRAWING(S) - The figure shows process flow diagram
illustrating web transaction.

Web client (10)

Abstract (Basic): US 5732138 A

The unauthorised access prevention involves the generation of
pseudo-random numbers, where initially the state of a chaotic system is
digitised, by recording (100) a chaotic source e.g. a lava lamp, to
form (105) a binary string. A cryptographic hash function i.e. NIST
SHS-1 is applied (110) to the binary string to produce a second binary
string.

The second binary string is used (115) to seed a random number
generator (120) of Blum-Blum-Shub type, the output of which is used in
forming a password or cryptographic key for use in a security
system. Further passwords or keys can be generated by passing
(125,130) the seed through the number generator again.

USE - For encryption of bank transactions and accounts.

ADVANTAGE - Enables generation of long sequence of pseudo-random
numbers with reasonable computation time, by generating shorter
random numbers and reusing the seed generated from them, thus
avoiding time bottlenecks in computation caused by repeated random
number generation.

Abstract: In this paper, a new Yaksha security system is presented based
on ELGAMAL (NOT RSA) algorithm. The system is capable of reusing a single
security infrastructure to perform various security functions: cryptography,
digital signatures, distributed authentication and key exchange. At the
same time, how the system can be used for key escrow is also described,
one of the discussions which attract public attention. (Edited author
abstract) 8 Refs.

Software construction is increasingly complicated. Success will
require breakthroughs in the production process and in methods and tools to
assess and improve products. A technology for improving software quality
and productivity is software reuse. To achieve an effective and efficient
software construction requires software reuse facilities, promotions, and
practices. Concepts, models, and support tools or frameworks for
controlling, supporting, and easing the object-oriented system's design
practices, development, operations, and maintenance are needed. Research
must be wedded to large scale development. Some previous research results
in software reuse technology support this need, i.e., to build the
required model.

This dissertation research is focusing primarily on solving one of the
technical problems in applying software reuse, i.e., the customization
and/or composition problems. It introduces a required model, i.e., an
Automated Access Control Model. This model contains a framework
architecture of the access control mechanism as the core model and five
other supporting concepts. The five supporting concepts are view's concept
as a triple relation between server-client-operations, separation of
objects into interface and implementation class lattices concept to
represent the abstraction and encapsulation, user access connection
concept to authenticate the user to use and access the system, and
perform the authorized operations, object linking and embedding concept to
be able to link or embed object(s) to applications, and automation concept
to automate the applications to be able to expose operations/behaviors to
the controller/client or to control the applications/servers by
invoking/using the server's operations/behaviors.

The prototype of the model introduced above, combined with the other
related models has been exercised in practical implementation to achieve
the main objective of the object-oriented software construction, i.e., to
promote or to increase the object-oriented component reuse.

The benefit of this model is to ease the object-oriented system
developer's work, in designing, developing, operating, and maintaining
their systems. It does this by automating the access control to objects,
which in turn will greatly improve the software reusability by saving
development and maintenance time and cost, increase the system's
operation efficiency, and improve the system's productivity and quality.

Abstract: HTTP is a kind of stateless protocol. Though HTTP provides
basic authentication services to support the legal access of users, its
function is weak. This paper introduces the digest access authentication
technology that HTTP provides, analyzes the weakness of the frequently used
"One Time Password" authentication method, and presents improvements
and an implementation in Java. (6 Refs)

Abstract: We present protocols that allow a user Alice, knowing only
her name and password, and not carrying a smart card, to "log in to
the network" from a "generic" workstation, i.e., one that has all the
necessary software installed, but none of the configuration information
usually assumed to be known a priori in a security scheme, such as Alice's
public and private keys, her certificate, and the public keys of one or
more CAs. By "logging in", we mean the workstation retrieves this
information on behalf of the user. This would be straightforward if Alice
had a cryptographically strong password. We propose protocols that are
secure even if Alice's password is guessable. We concentrate on the
initial retrieval of Alice's private key from some server Bob on the
network. We discuss various protocols for doing this that avoid off-line
password guessing attacks by someone eavesdropping or impersonating Alice
or Bob. We discuss auditable vs. unauditable on-line attacks, and present
protocols that allow Bob to be stateless, avoid denial-of-service
attacks, allow for salt, and are minimal in computation and number of
messages. (11 Refs)

Abstract: Password Sentry 1.0 from BindView was developed to give
NetWare servers an extra level of password authorisation to give a higher
degree of password security than is provided within the existing product.
NetWare's existing password protection features ensure passwords cannot
be the same as login IDs, specify minimum password length, make sure
passwords are changed regularly and are not reused, and give intrusion
protection. But these facilities do not stop users from choosing
passwords that are easy to guess, such as their middle name. Password
Sentry checks password security either when a password is changed or
during a regular scan. It uses a built-in database of more than 1 million
words, broken down into around 18 tables including legal, medical, computer
and Star Trek terms and eight different languages. (0 Refs)

Abstract: Summary form only given, as follows. To provide more trust for
systems being developed to meet the C2 Class of Trusted Computer Systems
Evaluation Criteria (TCSEC), a technique is suggested for systems providing
audit, identification and authentication, and discretionary access
control of and secure reuse of objects. The technique is to 'borrow'
concepts from the B and A division of the TCSEC for use at the C division.
The Defense Intelligence Agency (DIA) has developed a set of requirements
known as the Compartmented Mode Workstation (CMW) requirements. These
requirements take as a basis the Labeled Security Protection (B1) Class of
the Department of Defense TCSEC and augment it with accountability and
assurance requirements from the B2, B3 and even A1 classes of the TCSEC.
The article discusses the TCSEC requirements used for defining the ones
listed. It gives rationale for consideration of such requirements in a C2
system, and discusses alternatives for implementation of the requirements
listed. (0 Refs)

Description of the Invention:

...FIG. 9 illustrates a schematic diagram for an alternate embodiment
of this invention of the stateless authentication scheme using a
single secret key K 31 shared by the sender and receiver. The input
string x 23 (which is...

...of blocks of the input plaintext string. For instance, for the preferred
embodiment of the stateless authentication scheme using two secret
keys K and K' (viz., FIG. 5), if r[sub]o, the random number of the...

...message signing procedure applies to all other embodiments of this
invention, not just to the stateless authentication scheme using two
secret keys K and K...

...out-of-order processing of tag verification. For instance, for the
preferred embodiment of the stateless authentication scheme using two
secret keys K and K' (viz., FIG. 6), if the random number r[sub]o is
received...

...of tag verification applies to all other embodiments of this invention,
not just to the stateless authentication scheme using two secret
keys K and K' (described in FIGS. 5 and 6...



Set   Items     Description
S1    54663     AUTHENTICAT? OR LOGIN OR LOGON OR SIGNIN OR SIGNON OR (LOG OR SIGN)()("IN" OR ON)
                OR PASSWORD? OR PASS()(WORD OR WORDS OR PHRASE?)
S2    160041    GLOBAL UNIVERSAL OR "NOT"()STATEFUL OR STATELESS OR REUSE? OR RECYCLE? OR
                USE()AGAIN? OR RE()(USE OR CYCLE OR USING) OR REUSING OR RECYCLING OR
                STATE()LESS OR SESSIONLESS
S3    409552    KEY OR KEYS OR IDENTIFIER? OR BIT()STRING?? OR ID OR IDS OR LABEL OR LABELS
S4    2216079   SECURITY()CONTEXT? OR ORGANIZATION? OR USER? OR INDIVIDUAL? OR MEMBER? OR
                EMPLOYEE?
S5    5755856   LOCATION? OR ROLE? OR ACCESS()LEVEL? OR EXPIRATION? OR POSITION? OR TIME OR
                DATE OR TIMES OR DATES OR DURATION
S6    54        S1 AND S2 AND S3
S7    38        S6 AND (S4 OR S5)
S8    25        S7 NOT AD=20010419:20030419
S9    21        S8 NOT AD=20030419:20050905
S10   17        S9 AND IC=(G06F OR H04L)
S11   30        S6 AND (KEY OR KEYHANDLE? OR KEYS)
S12   13        S11 NOT S8
S13   26        S1 AND S2 AND S4 AND S5
S14   22        S13 AND IC=(G06F OR H04L OR H04N)
S15   34        S12 OR S14
S16   21        S15 NOT S7
S17   11        S16 NOT AD=20010419:20040419
S18   11        S17 NOT AD=20040419:20050922
S19   2425      (ONE OR SINGLE OR ONLY OR CENTRAL? OR UNIVERSAL? OR GLOBAL? OR
                SYSTEM()WIDE)(2N)S1
S20   126450    (MULTIPL? OR PLURAL OR MANY OR SEVERAL OR DIFFERENT OR VARIOUS OR VARIET? OR
                DISTRIBUTED)(2N)(SYSTEM? OR MODULE? OR PROGRAM? OR NODE?? OR WORKSTATION? OR
                WORK()STATION?)
S21   98        S19 AND S20
S22   10        S21 AND (KEY OR KEYHANDLE? OR KEYS OR KEYPAIR?)
S23   2         S21 AND (ALGORITHM? OR FORMULA? OR CALCULATION?)
S24   12        S22 OR S23
S25   10        S22 NOT (S18 OR S7 OR S12)

File 347:JAPIO Nov 1976-2005/Apr (Updated 050801)
         (c) 2005 JPO & JAPIO
File 350:Derwent WPIX 1963-2005/UD,UM &UP=200555
         (c) 2005 Thomson Derwent



25/5/1 (Item 1 from file: 347)
DIALOG(R) File 347:JAPIO
(c) 2005 JPO & JAPIO. All rts. reserv.

06753409 **Image available**
PASSWORD INTEGRATION MANAGEMENT SYSTEM

PUB. NO.:      2000-339271 [JP 2000339271 A]
PUBLISHED:     December 08, 2000 (20001208)
INVENTOR(s):   MIHASHI TOSHIYUKI
APPLICANT(s):  NEC CORP
APPL. NO.:     11-150649 [JP 99150649]
FILED:         May 28, 1999 (19990528)
INTL CLASS:    G06F-015/00; G06F-013/00

ABSTRACT

PROBLEM TO BE SOLVED: To provide a password integration management system
which efficiently manages an access to a distribution connected processor.

SOLUTION: An ID number and a password are inputted from an input device 2
connected to a terminal 1 for displaying a job screen. A job server 3 has
an ID storage part 31 for storing the ID number and a cryptographic key
encoding part 32 for decoding the cryptographic key, and executes job
processing. An authentication server 4 has an ID/password storage part 41
for storing association between the ID number and the password and a
cryptographic key generation part 42 for generating the cryptographic
key, and stores authentication information. In this structure, it is
integrally managed whether or not it is valid to start job processing in a
distribution connected processor. Thus, in job start processing in plural
job systems, job start of all systems is enabled by a single user
ID/password without a system user being conscious of all the user
IDs/passwords managed by individual systems and using them for different
purposes.

ABSTRACT

PURPOSE: To provide a distributed authentication server having the same
authentication function as that of a centralized management type
authentication server and realizing high fault tolerance.

CONSTITUTION: In the communication system including a device 14 being a
distributed authentication server, an authentication receiver 15 requesting
authentication sends an authentication request message including identifier
of an authentication receiver and that of an authentication server to each
device 14 of the distributed authentication server and each device 14 of
the distributed authentication server generates a ciphered authentication
identifier by a secret key relating to the authentication receiver based
on the authentication request message in the common. Then the
authentication message is generated by ciphering the authentication
identifier with a secret key relating to the authentication receiver and
each device 14 of the distributed authentication server sends the
authentication message to the authentication receiver 15. Then the
authentication receiver 15 receiving the authentication message decodes the
authentication message and sends the obtained authentication identifier to
the authentication server 15, and the authentication server 15 receiving
the authentication identifier decodes the authentication identifier to
verify the authentication receiver.

Abstract (Basic): US 20030061512 A1

NOVELTY - A request to access resource protected by an application
service provider (ASP) aggregator service that provides single-sign-on
functionality for non-sourced applications hosted by ASP is
received from a client. The client is required to successfully complete
an authentication process after which a response accompanied by an
aggregator token comprising uniform resource identifier is sent to the
client.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(1) apparatus for access management in a distributed data
processing system; and

(2) computer program product in a computer readable medium for
performing the method of access management.

USE - For access management in distributed data processing
system.

ADVANTAGE - A coherent interface is maintained between the user and
the ASP architecture. A user's attempt to reuse saved session
information directly with a hosted application is recovered due to the
single-sign-on mechanism within an ASP infrastructure. The
modification to an ASP aggregator services infrastructure is minimum.
The infrastructure of ASP aggregator service is easily modified.

DESCRIPTION OF DRAWING(S) - The figure shows a temporal flow
diagram that depicts some of the action and communication traffic for a
single-sign-on operation with an ASP aggregator service.